Using object-specific frequency information from labeled data to improve a CNN’s robustness to adversarial attacks

Bachelor thesis (2021)

Authors

N. Mertzanis Electrical Engineering, Mathematics and Computer Science

Contributors

N. Tömen Pattern Recognition and Bioinformatics - EEMCS (mentor)
A. Lengyel Pattern Recognition and Bioinformatics - EEMCS (graduation committee member)
Y. Lin Pattern Recognition and Bioinformatics - EEMCS (graduation committee member)
S. Pintea Pattern Recognition and Bioinformatics - EEMCS (coach)
Faculty
Electrical Engineering, Mathematics and Computer Science, Electrical Engineering, Mathematics and Computer Science
Copyright: © 2021 Nick Mertzanis
More Info
expand_more

Published Date

01-07-2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

Convolutional Neural Networks are particularly vulnerable to attacks that manipulate their data, which are usually called adversarial attacks. In this paper, a method of filtering images using the Fast Fourier Transform is explored, along with its potential to be used as a defense mechanism to such attacks. The main contribution that differs from other methods that use the Fourier Transform as a filtering element in neural networks is the use of labeled data to determine how to filter the pictures. This paper concludes that, while the filtering proposed is hardly better than a simple low-pass filter, it still manages to improve resistance to adversarial attacks with a minimal drop in the standard accuracy of the network.